ConfigMgr 1702 Rollup Update Deployment Gotchas

Microsoft released a Rollup Update for Configuration Manager v1702 this week to address multiple issues.  One specific issue that affected many deployments was related to operating system deployment:

Starting with System Center Configuration Manager, version 1702, unknown computers that are started from media or PXE may not find task sequences targeted to them. This issue may occur if the Previous button on the “Select a task sequence to run” page is selected on the unknown computer.

There are already great examples of how to install this update, but there are a couple of key gotchas I ran into during deployment.

Continue reading

Using a Separate Domain for Office 365 Groups

Office 365 Groups, sometimes referred to as Unified Groups, have been around for a while now.  Groups are excellent for collaboration, and allowing the end user to be in control of their own collaboration experience.  Groups are bad news for IT workers who need control or are resistant to change.  The latter group of IT workers will need to get on board though as it is evident that much of the Microsoft Office 365 ecosystem will be intertwined with Groups going forward.

For the past year, I have restricted group creation in production.  There are a multitude of reasons for not using Groups upon their initial release but, ultimately, it was lack of enterprise controls.  Most of those limitations have been remediated and the time for Groups is now.

In an effort to keep some form of structure around Groups, using a multi-domain approach is useful.

Continue reading

Microsoft Teams: Changes for controlling access

On March 14, 2017 Microsoft officially launched Teams for Office 365.  While all users who were licensed with a qualifying Office 365 license automatically received the Teams tile in the app launcher, Microsoft provided a global way to control access.  The default setting was OFF.  Additionally, a note was included that the control was only temporary.

TeamsAccess.PNG

“Temporary” is subjective, and in this case (at least for Education customers), seems to Continue reading

Microsoft modifies stance on automatic group creation for managers

Microsoft recently announced that beginning on April 13, 2017 an Office 365 group would automatically be created for managers with at least 20 direct reports.  Office 365 administrators quickly let Microsoft know that they were unhappy with these forced group creations.

This evening, though, Microsoft released an update to the Message Center that they have changed their original stance.  According to the new message below, the feature will not be released as announced.  Instead, the feature is going to be rolled to a smaller group for additional testing.  Stay tuned to see what the eventual rollout looks like, if it happens at all.

GroupAutoCreation.PNG

Granting Permissions to Create Power Management Report Subscriptions in SCCM

With the role based administration controls (RBAC) in SCCM 2012 and above, a common way to grant access to reporting is using the built-in security role Read-Only Analyst.  This role grants access to view Configuration Manager objects, but also to run reports.  However, it does not grant permission to create subscriptions to these reports.  Subscription permissions are tied to other built-in roles.  For example, adding the Operating System Deployment Manager security role to a user would add the ability to create subscriptions to reports about OSD.  The only built-in role that grants permission to schedule Power Management reports, though is the Operations Administrator role.  Using custom permissions, we can grant the ability to create a subscription for all reports including Power Management.  These custom permissions will still honor any Security Scopes and Collections that are assigned to the Administrative User. Continue reading